An Italian researcher has published details of a new batch of unpatched vulnerabilities found in the SCADA (Supervisory Control and Data Acquisition) products from seven different vendors.
Assessing the significance of the 14 zero-day vulnerabilities explained by Luigi Auriemma in proof-of-concept detail with exploit code is incredibly difficult to do, but they offer an unsettling picture of the flaws that seem to exist in systems normally hidden out of sight. The companies mentioned include Beckhoff, MeasureSoft, Rockwell, Carel, Progea, AzeoTech, and Cogent, products used to control industrial systems across sectors including manufacturing, aerospace, military, and more or less any sector that might use SCADA.
Auriemma has a record of hunting down flaws in SCADA technology, having published 34 zero-day holes in March 2011. He remains unrepentant about his public disclosure of security flaws for which no patches exist.
"I like only to find them [flaws] and releasing the informations (sic) as soon as possible," he explains on his website. "And remember that I find bugs, I don't create them, the developers are the only people who create bugs (indirectly naturally) so they are ever the only responsible."
In the last year SCADA has gone from an obscure albeit important backwater of software security thanks probably to the discovery of a worm called Stuxnet, which was apparently deployed to attack systems used within the nuclear program of Iran over a year period from the summer of 2009 onwards.
Who created it and why has been speculated on ever since, but it was clear that profit-seeking criminals were an unlikely to have been behind it. With many suspecting the involvement of a government, suddenly SCADA seemed like a vulnerable underside for systems across almost every industry in the world.
SCADA exploits, meanwhile, have continued to be made public with disturbing regularity.
-News Source (PC World & Cnet)
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
NEWS
,
vulnerablity